FTSE 350 companies that are vital to Britain’s economic growth, and crucial to national security, are leaking data that can be used by cyber attackers to gain control of their intellectual property, perpetrate fraud and inflict reputational damage.

KPMG found that every single company was leaking data by leaving employee usernames, email addresses and sensitive internal file location information online, where it could potentially be used by hackers. In fact, the firm found that, on average, 41 usernames, 44 email addresses and five sensitive internal file locations were available for each company.

Darren Anstee, Solutions Architect Global Team Lead, Arbor Networks

“Cyber criminals are becoming more capable, and attacks more sophisticated. To counter this, organisations have put solutions in place to detect and mitigate the various cyber-threats which can target them. Unfortunately, the weak link in a lot of cases is people, and giving attackers a head-start on useful usernames and email addresses doesn’t help.

“Organisations need to reduce their threat surface, to decrease the chance of a successful breach, and they need to ensure that they have policies and training in place so that employees can securely manage sensitive and private data. Large organisations should have the resources or services in place to ensure that they do everything possible to protect their intellectual property and their customers’ data. The Internet has brought opportunity and growth for many organisations, but it also brings risks.”

Ash Patel, Regional Director UK & Ireland, Stonesoft

With it reported only a few weeks ago by the GCHQ that British government and industry networks come under attack from sophisticated cyber operations at least 70 times a month, the revelations of this study are a major call for concern.

Businesses need to wake up and realise how vulnerable they are in a digitalised world, and what kind of strategic cyber solutions need to be embedded into company culture and practice to manage vulnerability. It’s no longer a question of ‘if’ you’ll be attacked, but ‘when’, and ignorance of the issue by FTSE companies in a hyper-digitalised world is no longer an excuse. The London Stock Exchange is at the economic heart of the country, and a successful assault could potentially cripple the nation and expose huge swathes of customer data to rogue attackers.

The British government is launching a number of schemes aimed at promoting cooperation between private and public sectors in this area, and these companies have a duty to ensure they are fully on-board.

These results aren’t surprising. Phishing is now the most common way companies are being breached. Our recent Webroot Web Security Survey recorded 55% of all companies being compromised by this type of attack. The issue with using public data in this way is that the email from the attacker is to all intents perfectly normal, will come from a known supplier, friend or business colleague and the phishing link appears genuine.

The poor recipient has no chance if nothing raises suspicion, even if they are ‘security aware’. Hence phishing is now the most successful cyber-attack breach – it targets the human factor and is difficult to detect. Plus, anti-phishing security technology is not working. It relies too much on trying to build blacklists of phishing sites and use those to block the users when they click on the link.

Of course commerce and industry as a whole need to recognise that security lies at the heart of human interaction and is the responsibility of everyone at the organisation – from CEO to secretary, and that security technology on its own can never be a panacea for lack of staff security awareness.
